Changes by Ned Deily n...@acm.org:
--
stage: patch review -> committed/rejected
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17990
___
___
Changes by Tshepang Lekhonkhobe tshep...@gmail.com:
--
nosy: +giampaolo.rodola, josiahcarlson, stutzbach
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
___
Changes by Tshepang Lekhonkhobe tshep...@gmail.com:
--
nosy: +tshepang
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
___
___
Charles-François Natali added the comment:
(Note that the Beaker version would need to be enhanced with the extra API
parameters from Victor's version, as well as updated to use the exclusive
open and close-on-exec flags)
I think the API would be nicer if it was just a wrapper around the
New submission from Serhiy Storchaka:
I just found a bug in Tools/scripts/abitype.py:
typeslots = [
'tp_name',
'tp_basicsize',
...
'tp_subclasses',
'tp_weaklist',
'tp_del'
'tp_version_tag'
]
There is a missed comma after 'tp_del'.
Perhaps there are other similar
Ezio Melotti added the comment:
Patch LGTM. Are you planning to look for similar bugs before fixing this?
--
nosy: +ezio.melotti
stage: patch review -> commit review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17993
Giampaolo Rodola' added the comment:
Can you try to figure out where it hangs exactly? I can't reproduce the issue
on Ubuntu and FreeBSD and don't have a Red Hat to test against.
--
___
Python tracker rep...@bugs.python.org
Vinay Sajip added the comment:
The python-daemon documentation states, about files_preserve:
Elements of the list are file descriptors (as returned by a file object's
`fileno()` method) or Python `file` objects. Each specifies a file that is not
to be closed during daemon start.
Notice that
Carlos Nepomuceno added the comment:
I don't know what to do. I tried CTRL+C but it didn't stop. Then I pressed
CTRL+Z and killed the python process and when I got back with 'fg' the make
process had been terminated. No messages were printed.
--
___
Jan Lieskovsky added the comment:
The CVE identifier of CVE-2013-2099 has been assigned:
http://www.openwall.com/lists/oss-security/2013/05/16/6
to this issue.
--
nosy: +iankko
title: ssl.match_hostname() trips over crafted wildcard names -> CVE-2013-2099
ssl.match_hostname() trips
Giampaolo Rodola' added the comment:
Does it hang also if you run it directly as in ./python
Lib/test/test_asynchat.py?
Perhaps you can try ./python -m trace -t Lib/test/test_asynchat.py?
Figuring this out should be relatively easy: you can also just put prints into
test_asynchat.py yourself.
Carlos Nepomuceno added the comment:
./python -m trace -t Lib/test/test_asynchat.py
[...]
--- modulename: asyncore, funcname: poll
asyncore.py(126): if map is None:
asyncore.py(128): if map:
asyncore.py(129): r = []; w = []; e = []
asyncore.py(130): for fd, obj in
Changes by Antoine Pitrou pit...@free.fr:
--
stage:  -> needs patch
type:  -> security
versions: +Python 3.2, Python 3.4
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
___
Giampaolo Rodola' added the comment:
Nosying Collin Winter as per rev 531d3023b48b.
In the meantime you can try to specify a timeout for join() as in:
diff --git a/Lib/test/test_asynchat.py b/Lib/test/test_asynchat.py
--- a/Lib/test/test_asynchat.py
+++ b/Lib/test/test_asynchat.py
@@ -223,7
Antoine Pitrou added the comment:
Note this can be used for denials of service: see
http://bugs.python.org/issue17980
--
nosy: +pitrou
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue1662581
Antoine Pitrou added the comment:
This is caused by the regex engine's performance behaviour:
http://bugs.python.org/issue1662581
http://bugs.python.org/issue1515829
http://bugs.python.org/issue212521
--
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
I would like to know what is the expected scenario:
- does the attacker only control the certificate?
- or does the attacker control both the certificate and the hostname being
validated?
The reason is that the matching cost for a domain name fragment seems to
R. David Murray added the comment:
I've been observing the activity on the argparse issues and am appreciating the
work, but I don't have time right now to review the patches. I should have
more time next month, and expect to get to them then, if no one else gets to
them before I do.
Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +christian.heimes
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
___
___
Python-bugs-list
Carlos Nepomuceno added the comment:
Thank you! But what's going on?
Does my system have any limitation that is causing such hang?
Here goes its ulimit output just in case:
[root@localhost Python-2.7.5]# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d)
Christian Heimes added the comment:
RFC 2818 doesn't say anything about the maximum amount of wildcards. I'm going
to check OpenSSL's implementation now.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
Charles-François Natali added the comment:
Could you provide the output of:
strace -ttT -f ./python Lib/test/test_asynchat.py
--
nosy: +neologix
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
Carlos Nepomuceno added the comment:
Full output in the attached file.
[root@localhost Python-2.7.5]# strace -ttT -f ./python Lib/test/test_asynchat.py
[...]
[pid 1697] 08:01:27.815179 select(6, [5], [5], [5], {0, 1}) = 0 (Timeout)
0.010095
[pid 1697] 08:01:27.825348 select(6, [5], [5],
Yogesh Chaudhari added the comment:
Minor modifications based on review comments.
1. Change mib array size to 2,
2. return value set to 0 consistently (in C code), and
3. removed IRIX #defines
--
Added file: http://bugs.python.org/file30282/issue17914-6.patch
Florian Weimer added the comment:
OpenSSL supports only a single wildcard character.
In my tests, I used a host name like
.example.org, and a dNSName like
a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*.example.org. Quadratic
behavior wouldn't be
Illia Polosukhin added the comment:
Amaury,
I didn't update Py_INCREF macro in this patch (because it doesn't expand
its argument multiple times) - so the examples you are showing will be working
fine.
I've updated Py_XINCREF, but it can't be used as an expression anyway.
Charles-François Natali added the comment:
That's what I thought:
08:01:24.824406 bind(3, {sa_family=AF_INET, sin_port=htons(0),
sin_addr=inet_addr(127.0.0.1)}, 16) = 0 0.24
[pid 1698] 08:01:24.825502 listen(3, 1) = 0 0.35
[pid 1698] 08:01:24.825786 accept(3, unfinished ...
[pid
Carlos Nepomuceno added the comment:
What ports are needed?
[root@localhost Python-2.7.5]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- anywhere anywhereudp dpt:domain
ACCEPT tcp -- anywhere
Charles-François Natali added the comment:
What ports are needed?
Many tests use random ephemeral ports on the loopback interface (e.g. 43785
above).
You should update your rules to apply to external NIC, not on the loopback.
--
resolution:  -> invalid
stage:  -> committed/rejected
Changes by Apostolis Bessas mpes...@gmail.com:
--
nosy: +mpessas
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
___
Antoine Pitrou added the comment:
Indeed, two wildcards seem to be ok with a 255-character domain name:
$ ./python -m timeit \
    -s "import ssl; cert = {'subject': ((('commonName', '*a*a.com'),),)}" \
    "try: ssl.match_hostname(cert, 'a' * 250 +'z.com')" \
    "except ssl.CertificateError: pass"
1000 loops, best
Giampaolo Rodola' added the comment:
Good catch!
I think we better set a general timeout so that the tests fail instead of
hanging though.
Carlos can you try the patch in attachment and confirm you see failures instead
of hangings?
--
keywords: +patch
Added file:
Antoine Pitrou added the comment:
In my tests, I used a host name like
.example.org, and a dNSName
like a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*a*.example.org.
Quadratic behavior wouldn't be too bad because the host name is
necessarily rather
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
___
Florian Weimer added the comment:
The host name is looked up to get the IP address to connect to. The lookup
will fail if the host name is longer than 255 characters, and the crafted
certificate is never retrieved.
--
___
Python tracker
Carlos Nepomuceno added the comment:
Yes, but I don't have the git clone.
Can you send the complete file instead of the patch?
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17206
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17589
___
Carlos Nepomuceno added the comment:
BTW, problem solved with:
iptables -A INPUT -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -j ACCEPT
Thanks a lot! \o
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
Yogesh Chaudhari added the comment:
Typo fix
--
Added file: http://bugs.python.org/file30284/issue17914-7.patch
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17914
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8604
___
Changes by Antoine Pitrou pit...@free.fr:
--
stage:  -> patch review
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue8604
___
Changes by Giampaolo Rodola' g.rod...@gmail.com:
Added file: http://bugs.python.org/file30285/test_asynchat.py
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
___
Changes by Giampaolo Rodola' g.rod...@gmail.com:
Added file: http://bugs.python.org/file30286/test_asyncore.py
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
___
Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +eli.bendersky
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17989
___
Christian Heimes added the comment:
I think a malicious user could abuse SNI to craft a longer host name and
trigger the pathological case.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
Carlos Nepomuceno added the comment:
Tried to use the new files[1] but they use 'support' instead of 'test_support'
from 'test' module.
[1] test_asynchat.py, test_asyncore.py
--
___
Python tracker rep...@bugs.python.org
Giampaolo Rodola' added the comment:
Never mind. It's an easy patch so I'm going to commit it anyway.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
___
Julien Palard added the comment:
I understand the files_preserve parameter, the bug I'm filing is the
inability of SysLogHandler to reopen the socket, although it tries:
// DaemonContext closing all FDs:
close(3)= 0
close(2)= 0
Carlos Nepomuceno added the comment:
Ok! Thanks a lot!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17992
___
Roundup Robot added the comment:
New changeset 3ee61b048173 by Giampaolo Rodola' in branch 'default':
Issue #17992: Add timeouts to asyncore and asynchat tests so that they won't
accidentally hang.
http://hg.python.org/cpython/rev/3ee61b048173
--
nosy: +python-dev
Amaury Forgeot d'Arc added the comment:
The last patch (17206-3.diff) has tests for the 4 macros, and looks good to me.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17206
___
Antoine Pitrou added the comment:
In GnuTLS, _gnutls_hostname_compare() (lib/gnutls_str.c) uses a trivial
recursive approach with a maximum number of 5 wildcards.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
Giampaolo Rodola' added the comment:
+1 for returning None.
I haven't looked into patches but if needed feel free to borrow some code from
psutil:
Linux:
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17988
___
Changes by Arfrever Frehtes Taifersar Arahesis arfrever@gmail.com:
--
nosy: +Arfrever
versions: +Python 3.4
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17989
___
Barry A. Warsaw added the comment:
Of course, I have my own atomic-rename thing, but I'm not going to post the
code here. It's fairly limited to my own use case and I have no interest in
making it cross platform.
That being said, I personally found that a context manager with a signature
New submission from Ian Cordasco:
Stemming from a StackOverflow question[1] and a conversation with Marc-Andre
Lemburg via email, I'm filing this issue without any easy way of confirming it
myself.
It seems that the logic in platform.python_implementation() has been obsoleted
by a change
Changes by Brian Curtin br...@python.org:
--
nosy: +brian.curtin
stage:  -> test needed
type:  -> behavior
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17994
___
Changes by Antoine Pitrou pit...@free.fr:
--
nosy: +dino.viehland
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17994
___
Richard Oudkerk added the comment:
I have done an updated patch. It no longer special cases Windows, so realloc()
is always used for enlarging the buffer (except when fstat() is missing).
Antoine, do you think this is ready to commit?
--
Added file:
Changes by Richard Oudkerk shibt...@gmail.com:
Removed file: http://bugs.python.org/file26986/readall-benchmark.py
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15758
___
Changes by Jeffrey C. Jacobs timeho...@users.sourceforge.net:
--
nosy: +timehorse
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
___
___
Changes by Barry A. Warsaw ba...@python.org:
--
nosy: +barry
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17222
___
Barry A. Warsaw added the comment:
Antoine says:
Ah, right. Well, there would be an argument not to use os.replace() in
py_compile, since it's an offline processing step which generally
shouldn't race with another (online) processing step.
But I think that's not necessarily true.
Vinay Sajip added the comment:
I see what you're saying now, but there's no explicit close in logging, so it's
coming from somewhere lower down. Let's examine what happens when we try to
emit the record:
- def emit(self, record):
(Pdb)
/usr/lib/python2.7/logging/handlers.py(791)emit()
- msg
Roundup Robot added the comment:
New changeset d62f71bd2192 by Brian Curtin in branch '3.3':
Add Nick Sloan for his contribution to #17732
http://hg.python.org/cpython/rev/d62f71bd2192
--
___
Python tracker rep...@bugs.python.org
Antoine Pitrou added the comment:
Ah, right. Well, there would be an argument not to use os.replace() in
py_compile, since it's an offline processing step which generally
shouldn't race with another (online) processing step.
But I think that's not necessarily true.
Vinay Sajip added the comment:
We'll try this with a simple script which doesn't use logging at all:
import os
import socket
MSG1 = '14Hi, \x00'
MSG2 = '14there!\x00'
sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
sock.connect('/dev/log')
sock.send(MSG1)
os.close(sock.fileno()) #
New submission from Nobody/Anonymous:
report, hello!
$$
158766 Backbone Strength: 6 Lessons 158766
May 18-19 Beijing, May 25-26 Shanghai, June 8-9 Shenzhen
Hotline: 4007050519
Tim Peters added the comment:
Wildcard matching can easily be done in worst-case linear time, but not with
regexps. doctest.py's internal _ellipsis_match() shows one way to do it
(doctest can use ... as a wildcard marker).
--
nosy: +tim_one
___
Changes by Fred L. Drake, Jr. fdr...@gmail.com:
--
resolution:  -> rejected
status: open -> closed
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17995
___
jan matejek added the comment:
The fix causes regression on my 64bit little-endian machine. It seems that
while parsing the arguments, the length value overwrites part of the string
pointer.
--
nosy: +matejcik
___
Python tracker
Georg Brandl added the comment:
Thanks for the attribution, that was definitely an oversight on my part.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17732
___
Georg Brandl added the comment:
We've now found a wrongful section in C code releasing the GIL in spite of
calling Python malloc functions, and I'm going to blame this failure on that.
--
resolution:  -> rejected
status: open -> closed
___
Python
jan matejek added the comment:
hmm, but it's caused by a private patch claiming that _testcapimodule.c is
PY_SSIZE_T_CLEAN. sorry for the noise.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17928
Christian Heimes added the comment:
We could use an algorithm that doesn't need regexp for most cases.
pseudo code:
value = value.lower()
hostname = hostname.lower()
if '*' not in value:
    return value == hostname
vparts = value.split('.')
hparts = hostname.split('.')
if len(vparts) !=
Richard Oudkerk added the comment:
The line
sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
overwrites the old broken socket with a new one with the same fd. The old
socket's destructor closes the fd of the new socket.
--
nosy: +sbt
Antoine Pitrou added the comment:
Wildcard matching can easily be done in worst-case linear time, but
not with regexps. doctest.py's internal _ellipsis_match() shows one
way to do it (doctest can use ... as a wildcard marker).
Thanks, this may be a nice enhancement for 3.4.
For 3.2 and
Antoine Pitrou added the comment:
Here is a patch allowing at most 2 wildcards per domain fragment. Georg, do you
think this should go into 3.2?
--
keywords: +patch
nosy: +georg.brandl
Added file: http://bugs.python.org/file30288/ssl_wildcard_dos.patch
Vinay Sajip added the comment:
The old socket's destructor closes the fd of the new socket.
Aha! Nice one. But what's the correct fix? I suppose a
self.sock = None
before every self.sock = socket.socket call would seem to fix this, and while I
can certainly make this change in SysLogHandler,
Georg Brandl added the comment:
It's certainly a security fix, but probably not one that warrants an immediate
release.
If you commit it to the 3.2 branch, that's fine, it will get picked up by
coming releases.
--
___
Python tracker
W. Owen Parry added the comment:
I started working on a patch for this, but the more I think about it the less I
am convinced it is wanted.
The issue requests that os.listdir('') be equal to os.listdir('.')
The given example of os.path.join doesn't follow this:
os.path.join('','aaa')
'aaa'
Richard Oudkerk added the comment:
Rather than
self.sock = None
I would do
self.sock.close()
which should work better for non-refcounted Pythons.
Of course it would be better to do this immediately after forking (i.e. before
any more fds are created), otherwise you could still
Changes by STINNER Victor victor.stin...@gmail.com:
--
nosy: +haypo
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
___
Roundup Robot added the comment:
New changeset 7c60cf756097 by Victor Stinner in branch 'default':
Issue #17964: Fix os.sysconf(): the return type of the C sysconf() function
http://hg.python.org/cpython/rev/7c60cf756097
--
nosy: +python-dev
___
Gregory P. Smith added the comment:
The recommendation for anyone using regular expressions on hostile input is to
(a) don't do that. (b) use a better regexp without this possible behavior and
(c) use something like re2 (there's a Python binding at
https://github.com/axiak/pyre2) which is a
STINNER Victor added the comment:
The bug does also exist in Python 2.7, 3.2 and 3.3, but I prefer to not fix it
in these versions because I'm not 100% sure that the return type is long on all
platforms and because nobody noticed the issue since years. So if I broke
something, I prefer to
Gregory P. Smith added the comment:
Indeed, doing this _without a regexp_ is preferred. :)
--
nosy: +gregory.p.smith
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17980
___
Antoine Pitrou added the comment:
I posted a couple of review comments.
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue15758
___
___
STINNER Victor added the comment:
Applied to 3.3 and 3.4. I'll leave this issue open
for a week so that Victor can comment on Unicode/wide-characters.
I don't know (n)curses, but I tried to improve the curses module of Python. I
added an encoding attribute which is the locale encoding by
STINNER Victor added the comment:
@Antoine (author of the commit fixing #1983): any opinion?
--
nosy: +pitrou
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17931
___
Antoine Pitrou added the comment:
Sounds fine to me, but perhaps better test the patch before committing?
(or wait for the buildbots to crash)
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17931
STINNER Victor added the comment:
ins_macro-2.diff looks good to me, go ahead!
--
___
Python tracker rep...@bugs.python.org
http://bugs.python.org/issue17917
___
___
Roundup Robot added the comment:
New changeset 3d523f0c0a9d by Ned Deily in branch 'default':
Add comment about avoiding --enable-shared for uninstalled builds. This should
also cause the resources ref link in the Editors and Tools section to be
updated (Issue17952).
STINNER Victor added the comment:
Oh, I just noticed the following check in pyport.h:
#if SIZEOF_PID_T > SIZEOF_LONG
# error "Python doesn't support sizeof(pid_t) > sizeof(long)"
#endif
I don't understand this test, longobject.h contains:
#elif defined(SIZEOF_LONG_LONG) && SIZEOF_PID_T ==
STINNER Victor added the comment:
_PyBytesWriter API makes the code slower and does not really reduce the number
of lines, so I'm closing this issue as invalid.
--
resolution:  -> invalid
status: open -> closed
___
Python tracker
Ned Deily added the comment:
Thanks for the report. To resolve Issue17820, the target of the link in
setup#editors-and-tools was changed from the Key Resources section to the
Additional Resources section. However, because the setup page itself was
not modified, it was not automatically
Roundup Robot added the comment:
New changeset d91da96a55bf by Vinay Sajip in branch '2.7':
Issue #17981: Closed socket on error in SysLogHandler.
http://hg.python.org/cpython/rev/d91da96a55bf
New changeset 590b865aa73c by Vinay Sajip in branch '3.3':
Issue #17981: Closed socket on error in
STINNER Victor added the comment:
Oh, the sqlite3 module has an interesting function:
PyObject *
_pysqlite_long_from_int64(sqlite_int64 value)
{
#ifdef HAVE_LONG_LONG
# if SIZEOF_LONG_LONG < 8
if (value > PY_LLONG_MAX || value < PY_LLONG_MIN) {
return _PyLong_FromByteArray(value,